INDIA — The All India Institute of Medical Sciences (AIIMS), New Delhi, one of India’s top medical institutes, has been forced to operate manually due to a ransomware attack on its hospital management system, which severely impacted several services.
The hospital has since issued a fresh set of standard operating procedures for admission, discharge, and transfer of patients to be done manually while the systems are down, according to ANI News.
Birth and death certificates will also be made manually on physical forms, as per the instructions of the working committee.
The hospital has stated that only urgent samples are to be sent with filled forms and only urgent investigations are to be sent until the systems get back online.
AIIMS said in a statement that a team from the National Informatics Centre (NIC) working at AIIMS has informed it that this may be a ransomware attack.
If this proves to be a ransomware attack, it will be investigated by appropriate law enforcement authorities, AIIMS said.
AIIMS is a multi-specialty research university and hospital that is visited by thousands of patients from across the country. It operates autonomously under the Ministry of Health and Family Welfare.
AIIMS has already reported the incident to the appropriate law enforcement authorities and the matter is under investigation.
“Measures are being taken to restore the digital services and support is being sought from the Indian Computer Emergency Response Team (CERT-In) and National Informatics Centre,” AIIMS said.
AIIMS did not clarify if there has been any demand made for a ransom yet. It also did not clarify if the attack impacted AIIMS facilities in other Indian cities. There are eight AIIMS facilities across India.
According to a news report, the cyber incident may have compromised the hospital records of approximately 40 million patients.
The exploited AIIMS database may have included personal patient information (PPI) and information on healthcare workers, as well as information on blood donors, ambulances, vaccinations, caregivers, and employee login credentials.
This major cyberattack comes as AIIMS prepares to fully implement the e-hospital system as part of its transition to a paperless hospital next year.
The NIC-developed e-hospital platform is a Health Management Information System (HMIS) hosted on the MeghRaj national cloud system that allows for the digitization of internal workflows and processes and serves as a single digital platform connecting patients, hospitals, and doctors.
AIIMS Delhi will also go all-digital for payments beginning in April of next year. It is currently installing a smart card payment system at its counters.
Attackers target medical institutions
Medical institutions have increasingly been on the radar of threat actors due to the huge amount of personal patient information they store that can be sold on the dark web.
According to a CloudSek report, cyberattacks on the healthcare industry increased by more than 95% in the first four months of 2022 compared to the same period last year.
CommonSpirit Health was recently the victim of a cyberattack, which forced the company to shut down certain computer systems.
The Chicago-based company operates 140 hospitals and over 1,000 care sites in 21 states across the United States.
The healthcare company stated earlier this month that it is still working to bring its systems back online and restore full functionality.